3 matches found
CVE-2021-24293
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call getcartitems via photocratiajax , after that the settingsshippingaddressname is able to inject malicious javascript...
CVE-2021-24293
The CVE-2021-24293 entry concerns the NextGEN Gallery Pro WordPress plugin (before 3.1.11). The vulnerability occurs in the eCommerce module: an action invokes photocrati_ajax to call get_cart_items, after which settings[shipping_address][name] can be manipulated to inject malicious JavaScript. D...
CVE-2021-24293 NextGEN Gallery Pro < 3.1.11 - Reflected Cross-Site Scripting (XSS)
In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call getcartitems via photocratiajax , after that the settingsshippingaddressname is able to inject malicious javascript...